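# NixOS host module for an Intel/Apple-hardware laptop (hid_apple, gmux backlight,
# facetimehd and brcmfmac are all referenced below). It wires up an age-encrypted
# secret, encrypted-swap hibernation, DNS-over-TLS via systemd-resolved, power
# management and a few per-user sway config files.
{ config, pkgs, lib, self, ... }:
let
  # Shorthand for the pub-solar option tree; used for the user name and sway toggle.
  psCfg = config.pub-solar;
in
{
  imports = [ ./hardware-configuration.nix ];

  config = {
    # Secret shipped encrypted in the flake (${self}) and decrypted by the
    # age.secrets module for the named owner.
    # NOTE(review): "700" is owner-only, but it also grants write and execute.
    # A decrypted secrets file normally only needs to be read ("0400" is the
    # agenix default) -- confirm nothing executes this file, then tighten.
    # NOTE(review): the owner is hard-coded while the rest of the module uses
    # psCfg.user.name; confirm both refer to the same account.
    age.secrets.environment-secrets = {
      file = "${self}/secrets/environment-secrets.age";
      mode = "700";
      owner = "teutat3s";
    };

    pub-solar = {
      audio.mopidy.enable = lib.mkForce false;

      # Resume from a swapfile at the given offset on /dev/mapper/cryptroot.
      # The device name suggests a dm-crypt mapping -- TODO confirm. A
      # hibernation image holds RAM contents (including keys), so it should
      # only ever be written to encrypted storage.
      core.hibernation = {
        enable = true;
        resumeDevice = "/dev/mapper/cryptroot";
        resumeOffset = 47366144;
      };

      virtualisation.enable = true;
    };

    # acpi_backlight=video   fix backlight for keyboard and brightness
    # hid_apple.fnmode=2     adjust function key binding
    # intel_pstate=passive   intel_pstate for cpu schedutil
    # The resume offset for the swapfile is set through pub-solar.core.hibernation
    # above; no parameter disabling the amdgpu driver is present in this list.
    boot.kernelParams = [
      "acpi_backlight=video"
      "hid_apple.fnmode=2"
      "intel_pstate=passive"
    ];
    boot.loader.efi.canTouchEfiVariables = true;
    #boot.resumeDevice = "/dev/mapper/cryptroot";

    # Registers binfmt emulation so aarch64-linux binaries can run on this host.
    boot.binfmt.emulatedSystems = [ "aarch64-linux" ];

    systemd.sleep.extraConfig = ''
      HibernateMode=shutdown
    '';

    hardware = {
      cpu.intel.updateMicrocode = true;
      facetimehd.enable = true;
    };

    services.resolved = {
      enable = true;
      # DNSSEC=false because of random SERVFAIL responses with Greenbaum DNS
      # when using allow-downgrade, see https://github.com/systemd/systemd/issues/10579
      #
      # Security trade-off of the settings below:
      #  - DNSOverTLS=yes is the strict mode: no fallback to plaintext DNS, and
      #    the name after '#' is what each server certificate is checked against.
      #  - Domains=~. routes lookups for every domain to the servers listed here.
      #  - With DNSSEC=false answers are not validated locally, so integrity
      #    rests on the TLS channel and on the listed resolvers being honest.
      #    Revisit once the linked upstream issue no longer applies.
      extraConfig = ''
        DNS=5.1.66.255#dot.ffmuc.net 185.150.99.255#dot.ffmuc.net 5.9.164.112#dns3.digitalcourage.de 89.233.43.71#unicast.censurfridns.dk 94.130.110.185#ns1.dnsprivacy.at 145.100.185.15#dnsovertls.sinodun.com 145.100.185.16#dnsovertls1.sinodun.com 185.49.141.37#getdnsapi.net 2001:678:e68:f000::#dot.ffmuc.net 2001:678:ed0:f000::#dot.ffmuc.net 2a01:4f8:251:554::2#dns3.digitalcourage.de 2a01:3a0:53:53::0#unicast.censurfridns.dk 2a01:4f8:c0c:3c03::2#ns1.dnsprivacy.at 2a01:4f8:c0c:3bfc::2#ns2.dnsprivacy.at 2001:610:1:40ba:145:100:185:15#dnsovertls.sinodun.com 2001:610:1:40ba:145:100:185:16#dnsovertls1.sinodun.com 2a04:b900:0:100::38#getdnsapi.net
        FallbackDNS=9.9.9.9#dns.quad9.net 149.112.112.112#dns.quad9.net 2620:fe::fe#dns.quad9.net 2620:fe::9#dns.quad9.net
        Domains=~.
        DNSOverTLS=yes
        DNSSEC=false
      '';
    };

    services.mozillavpn.enable = true;

    networking = import ./networking.nix;

    # Adds this CA to the system-wide trust bundle, so every TLS client using
    # the system store will accept certificates it signs, for any hostname.
    # NOTE(review): confirm the CA key is tightly held (or the CA is
    # name-constrained); if only the consul client needs it, point that client
    # at the PEM file instead of trusting it globally.
    security.pki.certificateFiles = [ ./consul-agent-ca.pem ];

    # NOTE(review): unbound.nix is not visible here; systemd-resolved is enabled
    # above as well -- confirm the two resolvers do not compete for the same
    # listen address.
    services.unbound = import ./unbound.nix;

    # Root cron jobs run once per boot; every binary is referenced by its
    # store path, so nothing is looked up through $PATH.
    #  1. block bluetooth via rfkill
    #  2. Disable dedicated GPU, use integrated Intel GPU to save battery
    #  3. Set default brightness to 50%
    # https://ubuntuforums.org/showthread.php?t=2409856
    services.cron.systemCronJobs = [
      "@reboot root ${pkgs.util-linux}/bin/rfkill block bluetooth"
      "@reboot root ${pkgs.coreutils}/bin/sleep 10; ${pkgs.coreutils}/bin/echo OFF > /sys/kernel/debug/vgaswitcheroo/switch"
      "@reboot root ${pkgs.coreutils}/bin/sleep 11; ${pkgs.coreutils}/bin/echo 510 > /sys/class/backlight/gmux_backlight/brightness"
    ];

    # Increase console font size for HiDPI display
    console = {
      earlySetup = true;
      font = lib.mkForce "ter-i32b";
      packages = [ pkgs.terminus_font ];
    };

    # Thunderbolt tools
    services.hardware.bolt.enable = true;

    powerManagement = {
      # Use new schedutil governor
      # https://github.com/NixOS/nixpkgs/pull/42330
      # https://www.kernel.org/doc/html/v5.10/admin-guide/pm/cpufreq.html#schedutil
      cpuFreqGovernor = lib.mkDefault "schedutil";

      # brcmfmac being loaded during hibernation would inhibit a successful resume
      # https://bugzilla.kernel.org/show_bug.cgi?id=101681#c116.
      # Also brcmfmac could randomly crash on resume from sleep.
      powerUpCommands = lib.mkBefore "${pkgs.kmod}/bin/modprobe brcmfmac";
      powerDownCommands = lib.mkBefore "${pkgs.kmod}/bin/rmmod brcmfmac";
    };

    # change lid switch behaviour
    #services.logind.lidSwitch = "hibernate";

    # TLP for power management
    services.tlp = {
      enable = true;
      settings = {
        CPU_SCALING_GOVERNOR_ON_AC = "performance";
        CPU_SCALING_GOVERNOR_ON_BAT = "schedutil";
        CPU_BOOST_ON_AC = 1;
        CPU_BOOST_ON_BAT = 0;
      };
    };

    services.udev.extraRules =
      # Disable XHC1 wakeup signal to avoid resume getting triggered some time
      # after suspend. Reboot required for this to take effect.
      # The rule is only emitted for kernels >= 3.13.
      lib.optionalString
        (lib.versionAtLeast config.boot.kernelPackages.kernel.version "3.13")
        ''SUBSYSTEM=="pci", KERNEL=="0000:00:14.0", ATTR{power/wakeup}="disabled"'';

    services.printing.enable = true;
    services.printing.drivers = [ pkgs.brlaser ];

    # Builds home-manager.users.<psCfg.user.name> = { ... } for the configured user.
    home-manager = pkgs.lib.setAttrByPath [ "users" psCfg.user.name ] {
      # Custom device sway configs, only installed when sway is enabled
      xdg.configFile = lib.mkIf psCfg.sway.enable {
        "sway/config.d/10-applications.conf".source = ./.config/sway/config.d/applications.conf;
        "sway/config.d/autostart.conf".source = ./.config/sway/config.d/autostart.conf;
        "sway/config.d/10-custom-keybindings.conf".source = ./.config/sway/config.d/custom-keybindings.conf;
        "sway/config.d/input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf;
        "sway/config.d/screens.conf".source = ./.config/sway/config.d/screens.conf;
      };
    };

    # Puts the user into the "unbound" group.
    # NOTE(review): presumably for access to unbound's control interface or
    # files -- confirm the group grants no more than is needed.
    users.users.teutat3s = {
      extraGroups = [ "unbound" ];
    };

    # WLAN frequency compliance (e.g. check for radar with DFS)
    #
    # Author's note, unrelated to the firmware list below:
    # Radeon driver seems to work better than amdgpu with Radeon R9 M370X
    hardware.firmware = with pkgs; [ wireless-regdb ];
    boot.extraModprobeConfig = ''
      options cfg80211 ieee80211_regdom="DE"
    '';

    # This value determines the NixOS release from which the default
    # settings for stateful data, like file locations and database versions
    # on your system were taken. It's perfectly fine and recommended to leave
    # this value at the release version of the first install of this system.
    # Before changing this value read the documentation for this option
    # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
    system.stateVersion = "21.05"; # Did you read the comment?
  };
}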